From 45e2b350a91a08067f60a7cfdc958a8a619fbdb0 Mon Sep 17 00:00:00 2001
From: shortcutme <tamas@zeronet.io>
Date: Sun, 19 Feb 2017 00:51:47 +0100
Subject: [PATCH] Raise exception on invalid path

---
 src/Ui/UiRequest.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/Ui/UiRequest.py b/src/Ui/UiRequest.py
index a85f3c5a..ad6d532f 100644
--- a/src/Ui/UiRequest.py
+++ b/src/Ui/UiRequest.py
@@ -330,6 +330,9 @@ class UiRequest(object):
         if path.endswith("/"):
             path = path + "index.html"
 
+        if ".." in path:
+            raise Exception("Invalid path")
+
         match = re.match("/media/(?P<address>[A-Za-z0-9\._-]+)/(?P<inner_path>.*)", path)
         if match:
             path_parts = match.groupdict()